Master Assessment Datasheet
The organization being inspected/assessed defines and documents security safeguards to validate that the information system or system component received is genuine and has not been altered IAW DoDI 5200.44. Security safeguards may: 1. Examine for: a. Evidence of unauthorized tampering/modification, intentional bugging/subversion, or harmful features; b. Indicators of weaknesses such as unexpected size/dimensions, substandard workmanship, mismatched serial number or bar code, altered/ unexpected/ counterfeit trademarks or markings, or XRF (x-ray fluorescence); and c. Newly manufactured (not refurbished) elements and for valid licensing (including support agreements). 2. Include: a. Acceptance testing; b. Anti-tamper mechanisms (tamper-resistant and tamper-evident packaging, anti-tamper fence); c. Contact angle analysis and chemical surface analysis; d. Encryption (in motion and at rest); e. Watermarking mechanisms; f. Optical/nanotechnology tagging; g. Side-channel analysis; h. Performance and sub-element baseline; and i. Difficult-to-forge marks (such as digital signatures and hologram tags). DoD has determined the security safeguards are not appropriate to define at the Enterprise level.
The organization conducting the inspection/assessment obtains and examines the documented security safeguards to ensure they have been defined IAW DoDI 5200.44. DoD has determined the security safeguards are not appropriate to define at the Enterprise level.
DISA Compelling Evidence
1) Site's SP, SDLC documentation and CM Plan for definition for validation that information system or system components received are genuine and not altered. 2) Reviewer will validate documentation to verify strategies.